As a Roblox developer, it is currently too hard to verify the authenticity of player-inventory results. As of currently; AvatarEditorService:GetInventory, AvatarEditorService:GetOutfits and less-importantly AvatarEditorService:GetFavorite are all required to be run on the client. This means if we wish to run these from the server; we need to send these over via remote event from the client and verify the integrity of the data on the server.
Unfortunately, it is near-impossible to do this; current workarounds look like this:
-
GetInventory; spam hundreds of requests to MarketplaceService:UserOwnsAsset. This can take an extreme amount of time to complete and steals away from our rate limit for MarketplaceService; we are practically locked out of using MarketplaceService for anything else while doing this.
-
GetOutfits; no workaround. There is no good API to check for outfit ownership.
-
GetFavorite; no workaround. Lacking permissions to check for this.
If Roblox is able to address this issue, it would improve my development experience because I could more easily make use of AvatarEditorService’s inventory APIs for operations that need to be run on the server.